AIRCC PUBLISHING CORPORATION
HYBRID MODEL IN THE BLOCK CIPHER APPLICATIONS FOR HIGH-SPEED COMMUNICATIONS NETWORKS
Minh Nguyen Hieu1, Bac Do Thi2, Canh Hoang Ngoc3, Manh Cong Tran4, Phan Duong Phuc5 and Khoa Nguyen Tuan6
1Institute of Cryptographic Science and Technology, Hanoi, Vietnam
2Thai Nguyen University of Information and Communication Technology, Thainguyen, Vietnam
3Thuongmai University, Hanoi, Vietnam
4Le Quy Don Technical University, Hanoi, Vietnam
5Academy of Cryptography Techniques, Hanoi, Vietnam
6Research Laboratories of Saigon High-Tech Park, Ho Chi Minh City, Vietnam
The article proposes two different designs for the new block cipher algorithm of 128-bit block size and key lengths of 128-bit or 192-bit or 256-bit. The basic cipher round is designed in a parallel model to help improve the encryption/decryption speed. The differences of this design compared to the previous one developed on Switchable Data Dependent Operations (SDDOs) lies in the hybrid of the controlled elements (CEs) in the structure. Each design has a specific strength that makes the selection more compatible with the objectives of each particular application. The designs all meet the high security standards and possess the ability to fight off the attacks currently known. The designs match the limited environment of the wireless network by integrating effectively when implemented on Field-programmable gate array (FPGA) with both iterative and pipeline architectures for high effective integration.
Controlled substitution–permutation network (CSPN), Switchable Data Dependent Operation (SDDO), Block cipher, Hybrid model, Field-programmable gate array (FPGA).
A prior requirement for the cryptographic algorithm applied/employed to secure information in different wireless networks today is to save resources, low calculation costs, and low power consumption. This is a major requirement in wireless networks in general [1, 31]. Thus, the security designs are facing a critical requirementwhich is to secure by cipher for the increasingly complex wireless networks but must take into account more limits [2, 32]. The wireless devices working with battery power will be constrained by the environment in which they work and the resources with which they dealt. This makes the security designers unable to consider the security issues only from the property aspect. One of the most important current challenges is the gap between energy needs and the performance requirements for the handling of the security issues of [1, 2, 31, 32]. The processing gap which is the security system architecture of the current wireless network does not meet the required calculation of the security processing. The battery gap has emphasized that the cost for the current energy consumption to support the security problems of wireless networks working on batteries is very great. In addition to flexibility, it also requires the
mobile wireless networks to work on un-sync standards and security protocols. Tamper resistance has emphasized that the mobile wireless networks are on the face of the increasing number of attacks from the physical attacks to the software attacks. Assurance gaps regarding the reliability make the security systems demands continue to function reliably despite the attacks from the smart opponents intentionally looking forunexpected errors . However, the level of security is not the only important issue, an efficient encryption algorithm is an algorithm that should occupy less storage capacity, optimal use of hardware resources and consume less power. The cost of encryption and decryption depends on several parameters: the size of plaintext and ciphertext respectively; the complexity of the algorithm, cipher mode selected; and the process of the key generator. In particular, the key length is an important factor, and the longer the key, the longer the cipher. Similarly, the cost of encryption is dependent and the cost needs to perform decryption.
To meet the design requirements, one of the known trends, meeting the construction of a high- speed cipher algorithm for wireless communication networks is the use of Data Dependent Permutations (DDPs) . They are built based on permutation networks constructed from primitive operation P2/1 proposed and used as a primary element to design of various block ciphers like CIKS-1, CIKS-128 , Spectr-H64 , Cobra-S128 , Cobra-H64 , Cobra- H128 . The ciphers based on DDP, however, have a potential weakness for the attacks based on linear cryptanalysis and differential cryptanalysis, this has been demonstrated in studies [8- 12].
To overcome the weakness of the cipher algorithms based on DDP, some cipher algorithms based on the Data Dependent Operations (DDOs), they are built from controlled elements (CEs) of F2/1or F2/2 recommended in some studies DDO-64 , DDO-128 , Eagle-64 , Eagle-128 , XO-64 , KT-64 . These algorithms have proven to be suitable for the implementation of cheap hardware and high speed. However, these algorithms use only a simple key schedule; they can be related-key attacks (RKE) [21-25].
Thus, a new method against the related-key attacks is to develop algorithms based on the Switchable Data Dependent Operations (SDDO). SDDO is reviewed as the newest cipher operation, oriented to the design of a fast cipher algorithms suited to applications in the limited environment. SDDO is firstly suggested in Hawk-64 [17, 18]. Algorithms of MD-64 , BMD- 128  have also given and demonstrated their strengths in terms of security and integrated efficiency on the given hardware.
Integral efficacy advantages of SDDO combined with the CSPN design model in hybrid , a new block cipher algorithm named BM123-128 is proposed in this article. This is the block cipher algorithm of 128-bit block size with key lengths of 128-bit or 192-bit or 256-bit.
The algorithm is developed on various SDDOs with F32/256 (V,e) andF32/128 (V,e) in which:
F32/256 (V,e) hybrid CSPN structure built from two CEs are F2/2 and F’2/2.
F32/128 (V,e) built according to a uniform CSPN structure from CE F2/1(using CE Q2/1 ).
This is the special feature to create new designs. This solution helps each design have its own strength. Further advantages of the algorithm is it is designed according to the model of parallel processing for basic cipher round in order to enhance the encryption/decryption speed. At the same time, the algorithm that uses simple key schedule, but still ensures security against the random cryptanalysis. The process of encryption/decryption using the same structure with the use of switchable operation is set between the two modes of encryption and decryption. The results of
integral efficacy evaluation of algorithms on hardware obtained high integration effect. This shows an algorithm that meets the design requirements.
The article is structured as follows: Following the introduction, section 2 will present a new block cipher algorithm: BM123-128 with two different designs; section 3 presents the security estimation, the results of implementation on FPGA and section 4concludes on matters closely related to the proposed algorithm.
2. RESEARCH METHOD
BM123-128 is an algorithm which is developed in the block cipher mode with a block size of 128-bit, with 8 transformation rounds and secret key able to be selected as 128-bit or 192-bit or 256-bit. BM123-128 is designed in a parallel model for basic cipher round. This model helps to make encryption and decryption faster than serial models or a combination of serial and parallel models. The algorithm has used various SDDOs (F(V,e))in each particular case. SDDO is built based on hybrid or uniform CSPNs, then adds operation to Switchable Controlled Operation (SCO). The use of SDDO has been suggested earlier in several studies and considered as an element helping supporting the design of block cipher by using a simple key schedule. This helps the algorithm eliminate weak key that has just created a higher performance when deploying the algorithm on FPGA by reducing the cost of resources.
The process of encryption/decryption of BM123-128 is described as follows: Permutations in Figure 1(a1) and Figure 2(a2):
I=(1)(2,34)(3)(4,36)(5)(6,38)(7)(8,40)(9)(10,42)(11)(12,44)(13)(14,46)(15)(16,48)(17)(18,50)(19)(20,52)(21)(22,54)(23)(24,56)(25)(26,58)(27)(28,60)(29)(30,62)(31)(32,64)(33)(34,2)(35)(36,4)(37)(38,6)(39)(40,8)(41)(42,10)(43) (44,12)(45)(46,14)(47)(48,16)(49)(50,18)(51)(52,20) (53)(55)(56,24)(57)(58,26)(59)(60,28)(61)(62,30)(63)(64,32).
The design model of BM123-128 algorithm is shown in Figure 1, Figure 2 and Figure 3. Crypt(e)transformed function is detail described through the basic cipher round based on Figure 1(a1) and Figure 2(a2). The algorithm is developed with 2 different designs as in Figure 1(a1) and Figure 2(a2).
Figure 1. BM123-128 algorithm
(a1) basic cipher round (Crypt(e)) of case 1,
(b1) F’4/8, (c1) F32/128, (d1) F’16/64, (e1) F’32/256, (f1) F′32/256(𝐿,𝑒)
Figure 2.BM123-128 algorithm
(a2) basic cipher round (Crypt(e)) of case 2,
(b2) Q4/4,(c2) Q32/64, (d2) Q16/32, (e2) Q32/128, (f2) Q32/128(𝐿,𝑒)
Figure 3.The general structure of BM123-128
The CSPN design process in cases of the algorithm is shortly described as follows:
Weakness in the choice of F2/2 is a balanced logic function with a nonlinearity lower than the balanced logic function of F2/2, but has a higher differential characteristics (see Table 1). This yields a better avalanche effect of element than other cases, i.e. the ability to resist attacks by differential cryptanalysis of the algorithm, in this case, is also better.
Q2/1 CE shows the greatest non-linearity for y1, y2. Differential characteristics are listed in Table 1.
SDDOs:SDDOs F′32/256(𝑉,𝑒), Q32/128(𝑉,𝑒) used in the algorithm are described as in Figure 1(f1)and Figure 2(f2). The use of SDDO in the algorithm as mentioned will prevent possible weaknesses caused the only using a simple key schedule.
Also based on the results of the statistical analysis of the effects of keys and the analysis to eliminate weaknesses in related-key attacks, the key schedule of BM123-128 algorithm is designed as presented in Table 2.
Table 2. The key scheduling and lists the switch bits in BM123-128
3. SECURITY ESTIMATION AND FPGA SYNTHESIS RESULTS
The use of SDDO to design cipher algorithms using simple key schedule have been mentioned earlier in the studies [17-19, 27]. The use of SDDO also eliminates weak keys that may be generated due to not using complex key processes. This has been demonstrated in previous studies [8, 9].
Moreover, SDDO is built from a hybrid construction of CSPN in the design of algorithms. The hybrids will create greater space of choices that help the designers systemize the security by cipher with appropriate compromise between the security and integral efficacy of the algorithms on hardware.
3.1. Review of differential cryptanalysis
The resistance of a block cipher against differential cryptanalysis [18, 33, 34] depends on the maximum probability of differential characteristics, which are paths from the plaintext difference to the ciphertext difference.
Two designs proposed in the article are developed on SDDO, of which SDDO is designed from hybrid CSPNs. Based on the differential characteristics of basic elements and design structure of the expansion box, we can identify differential characteristic of the algorithm in the cases of using different SDDOs.
Figure 5. .Formation of the two-round iterative differential characteristic with the difference (L1,R0)(L0,R 1) with probability P(2)= 2-68 .
Details of the results are presented in Table 3. The results show that the proposed designs have a differential characteristic better than the majority of the known block ciphers and have been the best ones in case 1, by the differential of F2/2 elements chosen as the best ones and only after 4 rounds the design structure of the proposed algorithm can be able to resist differential cryptanalysis. However, to prevent the type of current un-predicted attacks, eight transformation rounds were used in the proposed designs.
Table 3. Security comparison of some cipher with BM123-128
3.2. Review of NESSIE test
For the purpose to check the statisticproperties of the block algorithm proposed in the article, we test it according to the method offered by the NESSIE Project (New European Schemes for Signatures, Integrity, and Encryption). In this method, we examine the statistic properties of the BM123-128 cipher corresponding to the following four pendence criteria :
1. The average number of output bits changed when changing one input bit – (1);
2. The degree of completeness – (2);
3. The degree of avalanche effect – (3);
4. The degree of strict avalanche criterion – (4).
According to NESSIE standard announced , we have tested with 10,000 random test samples with 2 models:
Model 1: X=100; K=100, reviewing the influence of the incoming text bits on the transformed text.
Model 2: X=100; K=100, reviewing the influence of the key bits on the transformed text. Evaluating model 2 is a compelling factor for the security of the algorithm because the algorithm uses only simple key schedule without using complex key schedule but maintaining security standards.
Detailed statistical results are presented in Table 4 and Table 5 (Inthe case of a 128-bit key). The obtained results are shown after the third round, the algorithm has met the security standards required by NESSIE (for both cases of 192-bit and 256-bit keys, resulted corresponding to the third round).
Table 4.The values for criteria 1-4 (in case of 128-bit key ofcase 1)
Table 5. The values for criteria 1-4 (in case of 128-bit key ofcase 2)
3.2. Review of FPGA synthesis results and comparisons
Integral efficacy is the solution evaluating the relationship between the cost of resources in the algorithm for the encryption/decryption speed to be achieved. The integral efficacy evaluation is usually done under the two architectures described in detail in .
Hardware implementations of the proposed cipher are designed and coded in the VHDL language. The BM123-128 cipher is examined in hardware implementation by using iterative (IT)and pipeline (PP)architectures for XILINX FPGA Virtex Device.In the first one, only one round of BM123-128 cipher is implemented in order to decrement the required hardware resources.In a pipelined architecture where all R-rounds of the data encryption part and the key scheduling part are implemented, the required hardware resources are increased.
Due to the use of the FPGAorientedprimitives, the BM123-128 is significantly more efficient for the FPGA implementation against the majorityofthe known block ciphers. Under both architectures, the results showed that the proposed algorithm can integrate more efficiently than do other algorithms including the DDP-based ones (COBRA-H128, CIKS-1), DDO-based one (Eagle-128) and AES finalists(MARS, RC6, Rijndael, Serpent, and Twofish) . In case 2, the integral efficacy is improved because the costof resources to design CE F2/1 is less than that of CE F2/2. Integral efficacy results implement the proposed algorithm on FPGA in comparison to other traditional algorithms, described in detail as in Table 6.
The comparisons are made in terms of Integral efficacy (IE). The Integral efficacy results are obtained by the following equations (two comparison models) :
IE = Throughput (Mbps) / Area (#CLBs)
IE = Throughput (Mbps) / ((Area (#CLBs) × Frequency (MHz))
Table 6. FPGA Synthesis Results of BM123-128 and Comparisons
Notes: N-the number of cycles; N = 1 i.e. refers to the algorithm designed by FPGA according to iterative architecture (IT); N = Rmax means algorithm designed on FPGA by Pipeline architecture) (PP).
The main research results in the article include:
CONFLICTS OF INTEREST
The authors declare no conflict of interest.
This research was supported by the project “Research, design and fabrication of IoT gateway devices integrated for the security solution in the IoT platform and applied for the air quality monitoring pilot in Ho Chi Minh City’s Saigon High-Tech Park” (contract number 48/2018/HĐ- QKHCN).
Minh Nguyen Hieu is a Vice Dean at the Institute of Cryptographic Science and Technology, Hanoi, Vietnam. He finished his Ph.D. at the Saint Petersburg Electrical Engineering University (2006). His research interests include cryptography, communication, and network security. He has authored or co-authored more than 85 scientific articles, book chapters, reports, and patents, in the areas of his research.
Bac DoThi is a Lecturer at the Faculty of Information Technology, Thai Nguyen University (Thainguyen,Vietnam). Her research interests include cryptography, communication, and network security. She received her Ph.D. from Le Quy Don Technical University (2014).
Canh Hoang Ngoc is a Lecturer at Thuongmai University, Hanoi, Vietnam. He received his master degree in information systems from the Le Quy Don Technical University of Vietnam in 2012. His research interests include cryptography, database, machine learning. Currently, besides teaching, he works as a network administrator and database administrator at Thuongmai University.
Manh Cong Tran got his master-degree in computer science from Le Quy Don Technical University of Vietnam in 2007. In 2017, Manh got his PhD degree from Department of Computer Science, National Defense Academy, Japan. His current research interests include network traffic classification/analysis and anomaly/malicious detection. Currently, Dr. Manh works as a researcher in Le Quy Don Technical University, Hanoi, Vietnam.
Phan Duong Phuc is a Lecturer at the Academy of Cryptography Techniques, Hanoi, Vietnam. He received his master degree in Telecommunications Engineering from Posts and Telecommunications Institute of Technology, Vietnam in 2014. His research interests include electronics, telecommunications, and cryptography.
Khoa Nguyen Tuan is a Researcher at the Research Laboratories of Saigon High-Tech Park, Ho Chi Minh City, Vietnam (SHTP Labs). His research interests include electronics, telecommunications, and cryptography.